Any reason NOT to switch to Firefox?

Discussion in 'other software & services' started by ejr, Jan 23, 2007.

Thread Status:
Not open for further replies.
  1. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    I have always used Internet Explorer. But for years now I have read that other browsers are more secure, safer. With the choice in browsers now available, is there any reason to stick with IE?
     
  2. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Most webpages were written to be compatible with IE since it has been taken to be the standard for browser programming. The others may not have the complete set of plug-in add-ons that IE has. Others such as Firefox and Opera are widely used and can display most webpages without any problems. I've continued to use IE since I dropped Netscape several years ago. I usually switch between Firefox and IE and when a webpage doesn't show properly on FF, it usually displays OK on IE.
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    as long as you secure and keep IE patched it should be fine for everyday use.

    the browser u use is just a personal preference based on what features u want, how u like the interface, etc.

    @ccsito - have u tried teh ietab extension for firefox?
     
  4. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    No Wsfuser. Still using version 1.5 on my laptop.
     
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    ietab lets u view pages in an "IE" tab. its very handy for viewing those IE only pages. and it does work on Fx 1.5.
     
  6. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    Thanks for the tip. I will try it out on webpages that I come across.
     
  7. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    Vulpaphobia? :D


    I'll purposefully misconstrue this as is there any reason not to rip it out by its bloody entrails from the OS itself?
    (w\ XPLite or nLite)
    In which case yes, you need it for automatic updates to work if you dont manually download from technet or use ~Link removed - Not recommended by this forum - Ron~
    and you need it to make Windows Explorer work properly (webview) but to actually use?

    No

    slap a noaccess.rat on the beast restrict its IP ranges at the firewall and deny it as much permission as possible with a HIPS

    if a website cant bother to conform to W3C verification
    make a single exception using IE so you can get thier email addy and tell em to go @##%$$# themselves youll be back when they manage to pull thier head out of their %$##@%$%$#

    :D
     
    Last edited by a moderator: Jan 23, 2007
  8. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    No reason whatsoever to stick with IE.

    Tabbed browsing alone is very new to IE, but if you had FF or Opera, that's old news. If you like to customize things, Firefox could be the one for you. But if you want the browser to do pretty much everything from install, go for Opera, imo, the best around. Opera has shortcuts you don't dream about, has email client if you want, torrent client if you like, etc etc.

    Some simple things make life so easy in Opera, and obvious features, like 'right click- left click' goes back one page, 'left click- right click' goes forward, all sorts of mouse shortcuts, the 'Trash' to recover tabs that you accidentally closed, or regretted closing (in the same session), save sessions for later review (you can save 15 tabs if you want, with the label "external hard drive" for instance, for later reviewing and buying of HD's).
    Simple things that makes you look back and think "IE is stone age"
    Lets not talk about security, we only need to take a peak at Secunia
     
  9. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    but the advantages of alternatives really are what you dont get
    you dont get a browser that holds native permissions inside the OS itself and is actually an integral part of the shell, you dont get a browser with historically exploitable code employing dangerous protocols and default permissions, and you dont get a corporation that could care less about your security and would rather hold off on a patch that is so sensitive (because of the integral nature of the browser in the OS) it might bust a multnational's web application

    last year critical exploits went unpatched for 3\4th's of the year
    http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html
    http://searchsmb.techtarget.com/originalContent/0,289142,sid44_gci1238795,00.html

    excerpt
     
    Last edited: Jan 23, 2007
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Nothing seems to arouse the passions, make the hair on your neck stand up, call forth abusive, almost vulgar language, than a discussion of browsers. It doesn't get quite as inflammatory here as in other forums, where a psychologist friend notes the rising anger, often starting between two posters, and then bringing in others, cresecendoing to a huge war of words and deleted posts. Why is this?

    Recently, the Brian Krebs blog from January 4 that Ice-Czar mentioned caused a furor. Even the comments in the blog degenerated into a war of words between Firefox and Opera users, the latter calling Krebs to task for mentioning Firefox as the only alternative to getting hacked. After some Opera users had their say, a Firefox afficionado replied, "And saying that Opera is more secure is stupid."

    Even more interesting is how any methodology and statistics can yield the results you want to show. This article infuriated a good many Firefox users:

    Internet Explorer 6.x More Secure than Firefox 1.x in 2006

    So, what about the Brian Krebs blog headline that IE users were at risk 284 days last year?

    A mathematician/statistician friend of mine puts it this way: "Theoretically, any application is at risk 365 days/year because of the potential for the discovery at any moment of a vulnerability." This is in keeping with my own thought that any line of code has the potential for mis-use.

    If you accept that premise - and I do - then either you plan your security from the bottom up and have protection below the browser for the "in case of fire" scenario, or you constantly worry and fret needlessly.

    What are you protecting against?

    The recent VML exploit caused much concern throughout the computing world. Another Brian Krebs blog included this:

    Unofficial Patch Released for IE Flaw

    (my emphasis)

    and this writeup which mentions that the web page could download one of three .html pages:

    The VML Exploit and Rootkits

    (my emphasis)

    Would you be protected against the installation of an unauthorized (not already installed) executable? An easy test: load an installation CD and attempt to run the setup.exe. If your security doesn't alert, I would suggest you have other problems besides a browser that might compromise you.

    An easy way to protect against that -- no purchase necessary -- is to set up Software Restriction Policies. Contact Wilder's resident expert on that, SpikeyB

    The question always arises with me, what is the likelihood that I will encounter one of these malicious web pages? "Social engineering" is still the principal trigger. Microsoft typically has this comment in its bulletins:

    Other security sites confirm this:

    Zero-Day Update: Important Update on VML Exploit

    The other means of getting to a malicious site could be just in one's everyday surfing.

    For more than six months now, each weekend a friend and I run what I call my "lo-sec" routine, where we do our normal internet work using Internet Explorer set on low security:

    http://www.urs2.net/rsj/computing/imgs/ie-options.gif

    We do this when we go directly to known malware sites, so that we can test/watch the exploit run.

    But in order to see what "normal" surfing would yield, we spend a couple of hours each Saturday/Sunday running this way. We have never gotten an alert (using Anti-Executable) to install something. Pop-ups sometimes, which we don't turn off, just to see if malware might be embedded in such. We monitor the cache, files created, have our firewalls configured to prompt for all outbound.

    I just use Google as I normally would, going to any site without reservation.

    My friend says she often gets the comment, "well, you just didn't go to the right sites" - or wrong, depending on your point of view.

    This is a valid observation, for it calls to mind the notion that our computing activities are just another aspect of our life, so that the situations we experience in computing are likely to reflect our other activities. If the right sites - the ones that would tend to attempt to install malware - are typically sites with "cheats," cracks, pirated software, then if you don't cheat or steal, you are not likely to go to those sites. The old adage, "what you sow, you will reap" still holds true for much in our life.

    The browser war, so-called, is much ado about nothing, in my opinion. As WSFuser puts it,

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  11. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    I have a slightly different standard

    does it ship and install so a reasonably thick 8 year old using it is secure?
    as a lowest common denominator for the www populace not a bad representative, because its the clueless that are the cannon fodder
    they are the bot nets, the spammers the battering rams of DDoS

    When assessing a threat its not only from a personal standpoint but an overall health of the system, especially when discussing an ubiquitous application. While nothing can lie like statistics, there are meaningful metrics and deceptive metrics, the patch cycle and number of infections from the wild are meaningful. Ive been singing this particular song long before Kreb's article based on the data at Secunia and countless encounters with the clueless's woes.

    And personally don't care what alternative is chosen as long as its not the IE engine.

    http://secunia.com/product/11/?task=statistics


    Privilege level
    http://i16.tinypic.com/4dnsefa.png
    http://i3.tinypic.com/30caiqv.png
    http://i18.tinypic.com/2hs810n.png
    http://i10.tinypic.com/2cep94g.png

    its the combination of how critical the exploit with how long it takes to patch after its discovery with its actual employment in the wild that is the only real metric

    and IE is the biggest looser
    OS integration was a bad idea taken for competitive advantage,
    well the edge it provided is gone and has turned into a malware conduit

    sure you can secure it there are generally workaround for even unpatched exploits if your aware of them, but should you morally encourage its use?
    Or promote alternatives that have responded to the end user and continue to stay ahead of the curve for both yourself and the clueless?
     
    Last edited: Jan 24, 2007
  12. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    I see it like this:

    If a site does not properly load in non-IE browsers, that's entirely the coder's fault. IE has worst compliance with W3C standards. Worst. Absolute joke of compliance. I have a website and even though 49% of visits to my site are through IE - and not always rendered well because IE does not support CSS as intended - I refuse to use even a single IE hack.

    IE, usability, interface, price of addons - a horrible joke on our expense. The productivity one can achieve with FF + 10/20/50 extensions is seven quantum leaps and three quantum hops ahead of IE with 19.95$ cookie cleaner and 29.95$ phishing toolbar.

    IE is embedded into OS, patched slowly, has millions of exploits available all over the place - whereas I have yet to find a SINGLE working FF exploit. I'm not talking about PoC. If someone can show me a page where you get infected by drive-by-download through FF, I'll send him a sixpack of Heineken. I'll even pay for quick shipping by FedEx.

    The talk "IE is more secure than FF", "FF had 23 exploits while IE has 19 hence IE is more secure" is nothing more than the purest of pure propagandas that server nothing but someone's pocket, add to the general feel of fear and paranoia. It may impress people who have never heard of anything else except IE, Windows and Outlook. A pure form of bovine excrements.

    Firefox has lots of beautiful and useful extensions, it can run portable from USB stick, it can share profile with other operating systems, it runs on other operating systems, it is several years of programming ahead of its buggy, crashy, ugly, copycat MS counterpart - if it can even be called that.

    No reason whatsoever to stick with IE. All the reasons in the world to switch and never ever look back.

    Mrk
     
  13. Mr2cents

    Mr2cents Registered Member

    Joined:
    Sep 18, 2004
    Posts:
    497
    I can't think of any reason for anyone to stay with "Internet Explorer Browser". I've been using firefox for about 3 years. I also use opera sometimes. Firefox is just a lot more secure browser.

    I haven't tried the newer version of "IE". I have ie version 6 installed on this computer.I never let it access the internet. I have it blocked with the firewall. I hate IE :D

    Some people hate norton. I hate "IE" :cool: It's the worst piece of software ever made in my opinion :D

    I know, someone is going to ask how I do windows updates? What updates ? Microsoft no longer gives updates to "Windows Me or Windows 98 Users'

    However, if you look at the majority of your windows updates. Most of them are a patch for "IE" ROFLMAO.

    Concerning website compatability.. You will find a few websites that require additional plug ins for Firefox. However, their aren't many of them. I do online banking with a small hometown bank. I've never had a problem using firefox with them.

    That's just my opinion of "IE". Version 7 may be better...I don't know. From all the reviews I've read on the internet... Firefox still beats out ie 7 by a long shot.
     
  14. Lamehand

    Lamehand Registered Member

    Joined:
    Mar 2, 2006
    Posts:
    428
    Location:
    the Netherlands,very near to the North sea
    Try to avoid using Microsoft-software all together,it is just expensive crap.

    Lamehand
     
  15. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Interesting statistics, but:

    Much more useful statistics would be: of all of the millions of computers world-wide that are infected, what percentage were the result of browser exploits? Of email executable attachments? Of ports/services exploits?

    The fact the the trojan ports are still exploited must mean that it is worth while for malware writers to do so because people either have no firewall, or don't have the exploit patched.

    http://www.urs2.net/rsj/computing/imgs/kerio_trojan.gif
    ___________________________________________________________

    Port graph:

    http://isc.sans.org/port.html?port=135

    The top viruses still propagate via email:

    Top 10 viruses reported to Sophos in December 2006

    Recent backdoor/bot trojans enter by "clicks" on email attachments, such as the recent postcard.exe:

    Second Trojan Variant Storm Worm Spreads through Social Engineering

    Trojan.Win32.Zapchast
    Other recent trojans
    __________________________________________________________

    Until those statistics are generated - and it would be almost impossible - we don't know how much of the problem is the browser exploit.


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
    Last edited: Jan 24, 2007
  16. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    I rail just as voraciously against
    folks not running Firewalls and AV scaners as using IE ;)

    difference is that everyone generally is forced to use a browser
    and the "default" application is of course the most flawed one
     
  17. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    erj you can try IE7 Pro freeware add-on - AD filter, mouse gestures, crash recovery, etc.
    In IE7 Internet zone can be set only to Medium and it alerts, if security settings are changed.

    Firefox is great though, especially with NoScript & extensions to block ADs, cookies, referres.
    Also backing up FF is a dream, just copy one folder (with favorites, extenions, etc) unlike IE.

    What do you have against me?! [​IMG] But you are right, especially beginners runing IE6. ;)
     
  18. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Concerning internet exploits, AV would be the last thing I would want to rely on behind the browser/email program because of the zero-day stuff.

    Some examples:

    1) http://isc.sans.org/diary.php?storyid=880

    2) http://www.offensivecomputing.net/?q=node/132

    Updating an AV database is the same as applying patches. Quicker, for sure, but there is still that window of opportunity. I wouldn't feel secure at all.

    Of course, one could argue that he wouldn't open attachments in the first place, in which case, he wouldn't even need an AV for that.

    Still no reason to dump IE.

    To quote again:


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  19. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Well, even if you think IE is as safe or safeR:eek: , just look at the functions and features missing...
    Face it, IE is stone age. And it's not that IE7 does more things and better than IE6 that will ever change my mind. Even if they update to IE8 with all the features in FF and Opera, i'll still prefer these, because they're the ones that are innovating!

    Again i repeat: new features in IE7 are already in FF and Opera for ages!

    If there are new features not in FF or Opera, that are in IE:eek: , my guess is:
    I'LL NEVER NEED THEM!
     
  20. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    My main reason for not switiching to Firefox is duplication of function. I hate to waste precious resources by having 2 programs that do the same thing.

    If you use Firefox, it is my understanding that you must also keep IE in order to do windows update. Is this correct?
     
  21. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Yes, but IE won't use anything if not used.
    But now that you say that, i now remember that there's a FF pluggin to act as IE. Maybe i can update with this? I'm not sure.

    Think it like this: i do more things and faster with Opera. Just try it, read a bit about it (short-cuts etc.) and you won't go back to IE.

    Simple things, that even if explained, you won't see the benefit. You'll answer: i don't need that, i can do that with this and that app., i can tweak it to do that, etc.
    Believe me, i read that, friends explained that to me, and i answered just like above. One fortunate day, IE wouldn't start, or crashed, and i tried FF. Then Opera. Like in my sig., i never looked back.

    Firefox is highly customizable. Opera probably has everything you need from the get-go, and you find features built-in, that you previously weren't aware of!
    Just give it a go, and try the features that Opera's homepage presents to you. You'll be surprised. It's best to try it out yourself, reading about it is not the same, believe me.
     
  22. PhiloVance

    PhiloVance Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    93
    Location:
    Bakersfield, CA
    Yes, that's correct. I keep IE (in this case IE7) around just for that and the fact that FF has both IE Tab and IE View which uses the IE engine. I've found quite a few places where FF does not display pages correctly.
     
  23. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    OK...I think I have been talked into trying Firefox or Opera. I am not trying to start a Firefox-Opera war.

    But what I want to know is:

    1. If I try Firefox, what extensions should I also try (thinking from a security perspective as well as blocking cookies and adds). And does it have settings that I can set to make it as secure as possible?

    2. Same for Opera...

    More than likely, I will not mess with many of the optional features to enhance the browsing experience. I am strictly making the change with PC security in mind.
     
  24. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    FF's exts: NoScript, CookieSafe, RefControl. Additionally: Adblock or Adblock Plus.
    With those extensions, you can enable cookies, referrers or scripts via FF's systray.
    As for Opera, I never got it to block cookies nor scripts, so I will rather say nothing.

    Blocking scripts, java, flash provides 99,99% security. NoScript can enable scripts for one page only, even when there are scripts from other pages included. That is, what I envy to Firefox.
     
  25. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    Some nice extensions for FF:

    Adblock / Adblock Plus (+Filterset.G Updater) for blocking ads
    Cookie Button + Cookie Button in the Status bar for blocking cookies
    Noscript, for blocking javascript and/or other plugins (flash, java)
    Refcontrol, for controlling the referrer of your browser
    User Agent Switcher, for changing the default ID of your browser for improved / false rendering of sites
    Video Downloader, for downloading flash movies
    ScrapBook, for easy saving and catalogueing of sites
    Zotero, for management of documents, websites, notes
    IE Tab, for using IE engine via Firefox
    Dr. Web Link checker, for checking remote links using Dr. Web AV
    Mouse Gestures or All-in-One Gestures, for those too lazy
    Sage, RSS feed reader
    FireFTP, an FTP client

    And so many more...

    Mrk
     
Loading...
Thread Status:
Not open for further replies.